In case an authentication handler can't authenticate a user, it should
return the request record unmodified, that is, it shouldn't return a new
request record with a user_ctx in it.
Throwing an exception is not the way to signal that the auth handler didn't
succeed.
Does this answer your question?
On Tue, Sep 7, 2010 at 1:51 PM, James Jackson wrote:
> Hi all,
>
> I'm just writing some custom auth handlers for a CouchDB cluster we are
> setting up. To do what we need to do, in the security context we require, I
> need to run two such custom handlers. I believe that I should be able to do
> this with the following syntax:
>
> [httpd]
> authentication_handlers = {couch_cms_auth,
> cms_backend_authentication_handler},{couch_cms_auth,
> cms_host_authentication_hander}
>
> Now, each of these handlers on their own work just fine, but I have
> problems when attempting to use both. My understanding is that if one throws
> an unauthorized exception, then the next handler in the list should be
> tried. However, I see a throw in the first handler kill the request there
> and then with a 401, without trying the second handler.
>
> Have I misunderstood this behaviour, or do I need to modify how I write my
> custom handlers so they behave with each other?
>
> Best regards,
> James Jackson.
--
Filipe David Manana,
fdmanana@gmail.com, fdmanana@apache.org
"Reasonable men adapt themselves to the world.
Unreasonable men adapt the world to themselves.
That's why all progress depends on unreasonable men."